CVE-2024-24278
https://notcve.org/view.php?id=CVE-2024-24278
An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. • https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-27622
https://notcve.org/view.php?id=CVE-2024-27622
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. • https://github.com/capture0x/CMSMadeSimple https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0156
https://notcve.org/view.php?id=CVE-2024-0156
A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability • CWE-122: Heap-based Buffer Overflow •
CVE-2023-46708 – Wlan has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2023-46708
Wlan in OpenHarmony v3.2.4 and prior versions allows a local attacker to execute arbitrary code in any app through a use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md • CWE-416: Use After Free •
CVE-2023-7243 – Ethercat Zeek Plugin Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-7243
This could allow an attacker to cause arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02 • CWE-787: Out-of-bounds Write •